terminate eap-ttls
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jun 19 17:01:14 CEST 2013
On 19/06/13 14:54, adrian.p.smith at bt.com wrote:
>
>>> What I really need to do is proxy the inner message to another
>>> Radius server which will do the authentication but I cannot get
>>> this to work. Whatever I try, I always see an EAP-Message avp
>>> heading off to the remote server. I have looked at the
>>> proxy-inner-tunnel virtual server but am unsure how to use it.
>
>> This *is* proxying the inner tunnel; the inner tunnel auth is also
>> EAP, and you're sending it to the remote server.
>
> Thanks, this is NOT what I want to do. I want to send the inner
> message, not the tunnel and do PAP on the remote server.
You can only do PAP on the remote server if your inner auth method was
PAP. Basically, this means EAP-TTLS/PAP.
Doing that is simple:
server inner-tunnel {
authorize {
update control {
Proxy-To-Realm := THEREALM
}
}
}
If this isn't working, send a debug from "radiusd -X"
More information about the Freeradius-Users
mailing list